hg: jdk6/jdk6/jdk: 23 new changesets
abhijit.saha at sun.com
abhijit.saha at sun.com
Tue Mar 30 16:43:45 PDT 2010
Changeset: c60109723bf8
Author: dl
Date: 2009-11-18 11:39 +0000
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/c60109723bf8
6888149: AtomicReferenceArray causes SIGSEGV -> SEGV_MAPERR error
Summary: Avoid integer overflow by using long arithmetic
Reviewed-by: dholmes, alanb, chegar
! src/share/classes/java/util/concurrent/atomic/AtomicIntegerArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicLongArray.java
! src/share/classes/java/util/concurrent/atomic/AtomicReferenceArray.java
Changeset: 2e29fe2bfc9c
Author: chegar
Date: 2009-11-23 12:51 +0000
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/2e29fe2bfc9c
6639665: ThreadGroup finalizer allows creation of false root ThreadGroups
Reviewed-by: alanb, hawtin
! src/share/classes/java/lang/ThreadGroup.java
Changeset: 1cd847ef273e
Author: weijun
Date: 2009-11-23 19:05 -0800
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/1cd847ef273e
6898622: ObjectIdentifer.equals is not capable of detecting incorrectly encoded CommonName OIDs
Reviewed-by: mullan, xuelei
! src/share/classes/sun/security/util/ObjectIdentifier.java
+ test/sun/security/util/Oid/BerOid.java
Changeset: 3b74a067dcb4
Author: alanb
Date: 2009-11-25 13:05 +0000
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/3b74a067dcb4
6736390: File TOCTOU deserialization vulnerability
Reviewed-by: hawtin
! src/share/classes/java/io/File.java
Changeset: cda5a0661316
Author: sherman
Date: 2009-11-25 15:40 -0800
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/cda5a0661316
6745393: Inflater/Deflater clone issue
Summary: To use an explicit lock object
Reviewed-by: alanb
! src/share/classes/java/util/zip/Deflater.java
! src/share/classes/java/util/zip/Inflater.java
+ src/share/classes/java/util/zip/ZStreamRef.java
! src/share/native/java/util/zip/Deflater.c
! src/share/native/java/util/zip/Inflater.c
Changeset: 4509549ab091
Author: mchung
Date: 2009-11-30 08:25 -0800
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/4509549ab091
6893947: Deserialization of RMIConnectionImpl objects should enforce stricter checks [ZDI-CAN-588]
Summary: narrow the doPrivileged block to only set context ClassLoader
Reviewed-by: hawtin, emcmanus
! src/share/classes/javax/management/remote/rmi/RMIConnectionImpl.java
Changeset: 065fc20465a9
Author: michaelm
Date: 2009-12-02 12:51 +0000
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/065fc20465a9
6893954: Subclasses of InetAddress may incorrectly interpret network addresses
Summary: runtime type checks and deserialization check
Reviewed-by: chegar, alanb, jccollet
! src/share/classes/java/net/DatagramSocket.java
! src/share/classes/java/net/InetAddress.java
! src/share/classes/java/net/MulticastSocket.java
! src/share/classes/java/net/NetworkInterface.java
! src/share/classes/java/net/Socket.java
! src/share/classes/sun/nio/ch/Net.java
Changeset: 76484a1390b5
Author: michaelm
Date: 2009-12-02 13:39 +0000
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/76484a1390b5
Merge
Changeset: a82975fed3bb
Author: asaha
Date: 2009-12-04 10:22 -0800
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/a82975fed3bb
Merge
Changeset: 56d70fff0a49
Author: xuelei
Date: 2009-12-08 20:14 -0800
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/56d70fff0a49
6898739: TLS renegotiation issue
Summary: the interim fix disables TLS/SSL renegotiation
Reviewed-by: mullan, chegar, wetmore
! src/share/classes/sun/security/ssl/ClientHandshaker.java
! src/share/classes/sun/security/ssl/Handshaker.java
! src/share/classes/sun/security/ssl/SSLEngineImpl.java
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
! src/share/classes/sun/security/ssl/ServerHandshaker.java
! test/sun/security/ssl/com/sun/net/ssl/internal/ssl/SSLSocketImpl/InvalidateServerSessionRenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/JSSERenegotiate.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/CheckStatus.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/ConnectionTest.java
! test/sun/security/ssl/javax/net/ssl/NewAPIs/SSLEngine/NoAuthClientAuth.java
Changeset: c33996d22908
Author: mullan
Date: 2009-12-09 14:13 -0500
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/c33996d22908
6633872: Policy/PolicyFile leak dynamic ProtectionDomains.
Reviewed-by: hawtin
! src/share/classes/java/security/Policy.java
! src/share/classes/java/security/ProtectionDomain.java
+ src/share/classes/sun/misc/JavaSecurityProtectionDomainAccess.java
! src/share/classes/sun/misc/SharedSecrets.java
! src/share/classes/sun/security/provider/PolicyFile.java
Changeset: 0d6a7c587b34
Author: mullan
Date: 2009-12-09 14:17 -0500
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/0d6a7c587b34
Merge
Changeset: 30601d76d1a9
Author: malenkov
Date: 2009-12-22 17:34 +0300
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/30601d76d1a9
6904691: Java Applet Trusted Methods Chaining Privilege Escalation Vulnerability
Reviewed-by: hawtin, peterz
! src/share/classes/java/beans/EventHandler.java
! src/share/classes/java/beans/Statement.java
! test/java/beans/EventHandler/Test6277246.java
! test/java/beans/EventHandler/Test6277266.java
Changeset: 475c20b5ead9
Author: michaelm
Date: 2010-01-12 15:24 +0000
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/475c20b5ead9
6910590: Application can modify command array, in ProcessBuilder
Reviewed-by: michaelm, chegar
! src/share/classes/java/lang/ProcessBuilder.java
Changeset: a70c2cb935ed
Author: bae
Date: 2010-02-17 14:47 +0300
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/a70c2cb935ed
6909597: Sun Java Runtime Environment JPEGImageReader stepX Integer Overflow Vulnerability
Reviewed-by: igor
! src/share/native/sun/awt/image/jpeg/imageioJPEG.c
Changeset: 47494ceba862
Author: bae
Date: 2010-02-19 21:34 +0300
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/47494ceba862
6914866: Sun JRE ImagingLib arbitrary code execution vulnerability
Reviewed-by: prr
! src/share/native/sun/awt/medialib/awt_ImagingLib.c
! src/share/native/sun/awt/medialib/safe_alloc.h
Changeset: 54cecb672e0f
Author: bae
Date: 2010-02-19 22:13 +0300
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/54cecb672e0f
6899653: Sun Java Runtime CMM readMabCurveData Buffer Overflow Vulnerability
Reviewed-by: prr
! src/share/native/sun/java2d/cmm/lcms/cmsio1.c
! src/share/native/sun/java2d/cmm/lcms/cmsxform.c
Changeset: b6fe2c6e58e3
Author: bae
Date: 2010-02-19 22:50 +0300
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/b6fe2c6e58e3
6914823: Java AWT Library Invalid Index Vulnerability
Reviewed-by: prr
! src/share/classes/sun/awt/image/ImageRepresentation.java
Changeset: 0fc5eabbab3a
Author: ksrini
Date: 2010-02-22 14:27 -0800
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/0fc5eabbab3a
6902299: Java JAR "unpack200" must verify input parameters
Summary: Added several checks for addition of values before memory allocation
Reviewed-by: asaha
! src/share/native/com/sun/java/util/jar/pack/bytes.cpp
! src/share/native/com/sun/java/util/jar/pack/unpack.cpp
! test/tools/pack200/MemoryAllocatorTest.java
Changeset: d45c527b8218
Author: denis
Date: 2010-03-01 07:17 -0800
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/d45c527b8218
6887703: Unsigned applet can retrieve the dragged information before drop action occur
Reviewed-by: uta
! src/share/classes/sun/awt/dnd/SunDropTargetContextPeer.java
Changeset: ed52e9d31440
Author: asaha
Date: 2010-03-15 16:39 -0700
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/ed52e9d31440
Merge
- test/sun/tools/native2ascii/test2
Changeset: 61629da41f38
Author: asaha
Date: 2010-03-25 16:42 -0700
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/61629da41f38
Merge
! src/share/classes/sun/security/ssl/SSLSocketImpl.java
Changeset: 599b469958a8
Author: asaha
Date: 2010-03-30 07:58 -0700
URL: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/599b469958a8
Merge
More information about the jdk6-dev
mailing list